A NULL scan is a type of TCP scan where no TCP flags are set in the packet. This unconventional packet is used to evade firewalls and intrusion detection systems and to determine the state of a port based on the response.
Behavior:
From CEH v13 Courseware:
Module 3: Scanning Networks
Topic: TCP Flag Scanning Methods
CEH v13 Study Guide states:
“A NULL scan sends a TCP packet with all flags turned off. The system’s response (or lack thereof) allows the attacker to infer whether a port is open or closed, especially on UNIX-based systems.”
Incorrect Options:
B: Vague and inaccurate
C: Refers to Xmas scan (URG, PSH, FIN)
D/E: Irrelevant to TCP flags
Reference: CEH v13 Study Guide – Module 3: Scanning Networks → TCP NULL Scans; RFC 793 – TCP Protocol Behavior